Upload File

dynamic virtual credit card numbers - cerias · dynamic virtual credit card numbers ian molloy,...

  • Home
  • Documents
  • Dynamic Virtual Credit Card Numbers - CERIAS · Dynamic Virtual Credit Card Numbers Ian Molloy, Jiangtao Li, and Ninghui Li John Doe 678 Card Issuer Account Number Luhn Check Code
1
Dynamic Virtual Credit Card Numbers Ian Molloy, Jiangtao Li, and Ninghui Li John Doe 678 Card Issuer Account Number Luhn Check Code Card Verification Value Expiration Date Dynamic Virtual Credit Card Numbers • Calculate Keyed MAC of transaction • Use MAC in place of account number • Card Issuer can verify the MAC • Binds the merchant, date and amount to the account number • Stolen card numbers loose their value • Don't need to trust the merchant MAC Transaction Parameters • Expiration Date • Merchant • Amount • Billing Address Shared Secrets • Account Number • Password k = SHA1(Account||Password) V = HMAC k (Transaction) Implementation • Java 2 MicroEdition MIDlet 2.0 • Runs on everyone's favorite ubiquitous computing device: mobile phones CERIAS CREDIT CARD 0123 4567 8901 2345 02/07 John Doe Not Valid Unless Signed. Don't bother writing "Ask for ID," no one ever does. For further details, see our paper in the Eleventh International Conference on Financial Cryptography and Data Security 2007 CERIAS CREDIT CARD 0123 45XX XXXX XXXC 02/07 John Doe Account & CVV Credit Card Numbers get Stolen • Laptop with credit card info for 80,000 DOJ workers stolen March 31, 2005 • Hotels.com Credit-Card Numbers Stolen June 2, 2006 • Amazon Unit Loses Credit Card Data to Hackers March 6, 2001 • 40 Million Credit Card Numbers Hacked June 18, 2005 Previous Work • Microsoft Patent 5883810 Transaction-proxy Numbers • Implemented by Orbiscom for Discover, CitiBank, MBNA, and PayPal • Requires Card Issuer to generate new account number Security • Complete • Can always generate an account number • Sound • Can always identify the correct account • Secure Against Forgery • No VCC numbers can be forged • Secure Against Account Recovery • No adversary can gain the actual account number Miscellaneous • We can create multi-use numbers • Unaffected by collisions in the account space • Can handle collisions from AVS Can we do this offline? What's the problem? Why do we send our actual account number? 496-BB6.pdf 1 3/1/2007 3:16:22 PM

Upload: phungtu

Post on 20-Aug-2018

227 views

Category:

Documents


3 download

Report

TRANSCRIPT

Page 1: Dynamic Virtual Credit Card Numbers - CERIAS · Dynamic Virtual Credit Card Numbers Ian Molloy, Jiangtao Li, and Ninghui Li John Doe 678 Card Issuer Account Number Luhn Check Code

Dynamic VirtualCredit Card Numbers

Ian Molloy, Jiangtao Li, and Ninghui Li

John Doe 678

Card Issuer

Account Number

Luhn Check Code

Card Verification Value

Expiration Date

Dynamic Virtual Credit Card Numbers• Calculate Keyed MAC of transaction• Use MAC in place of account number• Card Issuer can verify the MAC• Binds the merchant, date and amount to the account number• Stolen card numbers loose their value• Don't need to trust the merchant

MAC

Transaction Parameters• Expiration Date• Merchant• Amount• Billing Address

Shared Secrets• Account Number• Password

k = SHA1(Account||Password)V = HMACk(Transaction)

Implementation• Java 2 MicroEdition MIDlet 2.0• Runs on everyone's favorite ubiquitous computing device: mobile phones

CERIAS CREDIT CARD

0123 4567 8901 234502/07

John Doe

Not Valid Unless Signed. Don't bother writing "Ask for ID," no one ever does.

For further details, see our paper in the Eleventh International Conference on Financial Cryptography and Data Security 2007

CERIAS CREDIT CARD

0123 45XX XXXX XXXC02/07

John Doe

Account & CVV

Credit Card Numbers get Stolen• Laptop with credit card info for 80,000 DOJ workers stolen March 31, 2005• Hotels.com Credit-Card Numbers Stolen June 2, 2006• Amazon Unit Loses Credit Card Data to Hackers March 6, 2001• 40 Million Credit Card Numbers Hacked June 18, 2005

Previous Work• Microsoft Patent 5883810 Transaction-proxy Numbers • Implemented by Orbiscom for Discover, CitiBank, MBNA, and PayPal • Requires Card Issuer to generate new account number

Security• Complete • Can always generate an account number• Sound • Can always identify the correct account• Secure Against Forgery • No VCC numbers can be forged• Secure Against Account Recovery • No adversary can gain the actual account number

Miscellaneous• We can create multi-use numbers• Unaffected by collisions in the account space• Can handle collisions from AVS

Can we do this offline?

What's the problem? Why do we send our actual account number?

496-BB6.pdf 1 3/1/2007 3:16:22 PM

coj
Text Box
469-BB6 - Dynamic Virtual Credit Card Numbers - Ian Molloy - CRM

VIRTUAL CARD VIRTUAL CARD ACCOUNTS products, services … · 2015-08-24 · Account, recipient of 2010 innovation in Payments ... Unique virtual card numbers (VCNs), linked to real

Numbers in english Flash card

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

New Tiger 2 Word Cards - Macmillan Education · 2019. 11. 29. · Card 1 Jay Card 2 Sue Card 3 Li Card 4 Tiger Card 5 climb a tree Card 6 eat ice cream Card 7 play on a swing Card

Requestor Information – Please Print Payment InformationCredit card numbers Unlisted telephone numbers Drivers’ license numbers Certain records of higher education institutions:

C4, L1, S1 Probabilities and Proportions. C4, L1, S2 I am offered two lotto cards: –Card 1: has numbers –Card 2: has numbers Which card should I take

EMDEON VIRTUAL CARD PAYMENTS - Healthcare … · Virtual Card Payments do not require the swiping of a physical card for payment to occur. ... † Virtual card numbers are credit

NAB Traveller Card PDS · QUICK REFERENCE NAB Traveller Card Contact Details Card Services email address: [email protected] Contact Numbers for Card Services 24/7

Numbers Card Game - Outnumber. 6 times more math practice

Ran#e - PartSelect...These numbers are also on the Consumer Product Ownership Registration Card that came with your range. Before sending in this card, please write these numbers here:

Tiger 2 Flashcards - macmillaneducation.es · Card 1 Tiger Card 2 Jay Card 3 Sue Card 4 Li Card 5 ride a bike Card 6 play on a swing Card 7 eat ice cream Card 8 climb a tree Card

The Payments Ecosystem: Security Challenges in the 21st ......3. Print card contact numbers, including non-toll-free 4. Record “first six” and “last four” of card numbers 5

Mezzanine Card for Intel v2.0 · PDF fileMezzanine Card for Intel v2.0 Motherboard Authors: Harry Li, Hardware Engineer Jia Ning, Hardware Engineer . ... The mezzanine card is installed

Numbers with Histories: Li Chunfeng on Harmonics and …

Symbolism In Chinese Culture ---Meaning of Numbers Li Liang ([email protected])

Quick Start Guide - Workswell · Phone numbers E-mail and Web ID Headquarters ... Quick start guide Administrator Key Card Download Card Hard transport case . Phone numbers E-mail

Math Card Games - SAU 39 / · PDF file50 if making 2 digit numbers (or to 500 for 3 digit numbers, 5000 for 4 digit numbers or 50,000 for 5 digit numbers.)

Identifying Gift Card Numbers Target · PDF fileIdentifying Gift Card Numbers ... immediately write every unique number for the purchased car ds and keep track of which ... receipt

Card Game Capers - Prek 12 Stone... · Teacher: You have been playing Card Game Capers and making different numbers. How many different two-digit numbers are possible? Carlos? Carlos:

C4, L1, S1 Chapter 3 Probability. C4, L1, S2 I am offered two lotto cards: –Card 1: has numbers –Card 2: has numbers Which card should I take so that

Guide for New Employees · 2021. 1. 5. · CVS Caremark contact numbers are listed under the “Pharmacy” numbers on the back of the card.) You should also receive one debit card

DoorKing Part Numbers DKProx/Mifare USB PC Card Reader...RFID Reader DoorKing Part Numbers 1815-640 DKProx style card reader 1815-620 Mifare style card reader Title 1815-665-B-12-19

INSTRUCTIONS · 2019. 12. 30. · WHY the trick works : Look at the table on the next pages and notice what numbers are printed on each card: All Numbers on the YELLOW card ( 20)

Workbox Numbers - Little Learning · PDF fileWorkbox Numbers These numbers were created to be used as box numbers for the workbox system. I suggest you print these on card stock and

SECTION 2 - University of Windsorathena.uwindsor.ca/units/international/student.nsf... · use a phone card, dial the numbers explained on the card- do not insert the card into the

Investigation of Vishing Fraud Voice phishing is typically used to steal Credit Card /ATM Card numbers, PIN Numbers, CVV Number or other Banking credential

Preventing credit card numbers from escaping your … · Obtaining credit card numbers for testing. In order to test the validity of the profile you will need to use a credit card

Have Fun Teachingfiles.havefunteaching.com/flash-cards/numbers/number-flash-cards-… · Numbers Flash Card Set oeo oo o eooo 0000 e 20 Numbers Flash Card Set Il Il oeeeoe Numbers

Global Privacy Cybersecurity Update- · names, Social Security numbers, payment card numbers, checking and routing account numbers, insurance provider information, salary information,

Cyber/Privacy Insurance. Information Exposures Credit Card Information Personally Identifiable Information –Social Security Numbers –Drivers License Numbers

This presentaon is made available with the approval and ... County/IIA OC... · Stolen credit and debit card numbers can sell from $5 to $100 on the dark net. > Card numbers and user

Winning at Math and Writing with Sports Card Games Numbers On The Court Numbers On The Diamond

The power of credit card numbers and enhanced CVVs · Universidade Católica Portuguesa Faculdade de Engenharia The power of credit card numbers and enhanced CVVs Valentim Vieira

Opos Li P Card Stars

VIRTUAL CARD NUMBERS A TRAVEL MANAGER’S … · VIRTUAL CARD NUMBERS A TRAVEL MANAGER’S GUIDE ... number on the front of a plastic credit card. ... card numbers on the device,